ASLR + DEP Bypass Puts Hackers Ahead
Author: Chris Brook
When Microsoft shipped Windows Vista, security technologies like ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention) and SafeSEH were held up as major roadblocks to hacker attacks. With every new service pack or OS upgrade, these mitigations got stronger and stronger but, at Pwn2Own, attackers found ways to bypass and defeat these mechanisms. In typical cat-and-mouse fashion, this shows that skilled, dedicated hackers with the right motivation will always find ways to stay ahead of the security technologies.